General
Target: 25062024_1713_25062024_wise_deposit_note__1114218690__3287491072__eml.ZIP
Size: 661KB
Sample ID: 240625-vrexbasejh
MD5: 8fcb77d198630126aaa72357b12affd2
SHA1: 9eaf7411c920ac700bb6215b64f0385a2c9365c7
SHA256: 6832b376821170cd1a109fec9ad84f2b32adaed7f592edfd1c02a4b0f708b8d6
SHA512: df2e66c9e2f42c76fa10e43aedef6922d3118e1db083864d348e4f0ec6467f441c27d80123078795f0f03c07f5db5f89bd43dd0ae7037f1c4502fa69481f6218
SSDEEP: 12288:aBuVk4h/wydZLfYUI2Lof7luz+OhmVKbmYQPScKY4sgosML+SfkXX:w6/tDLQn2UfJvOJ6YQPStrXX
Static task: static1
Behavioral task: behavioral1
Sample: wise_deposit_note__1114218690__3287491072__en.cmd
Resource (sandbox VM profile): win7-20240508-en
Malware Config
Extracted configuration
Family: formbook
Version: 4.1
Campaign ID: ca63
C2 domains (65 entries). Formbook configurations embed decoy domains alongside the real C2, so treat each entry as a candidate indicator to corroborate, not as a confirmed C2 server:
- themaxrichth.online
- lhzshb.com
- isacarrceramics.online
- duhochanquoc.website
- apexmedia.pro
- 33311.pro
- x2mjbu8gg.shop
- dashcreative.online
- nifle.shop
- hora.lol
- rclrwa.asia
- aviation-training-sqj.top
- a9659a62.vip
- uspgh.work
- hhol5.top
- jinkaida-cn.cn
- watchwedding.com
- 728ym.lat
- gillieron.swiss
- bingsne.online
- professionaljournalism.com
- senior-living-15150.bond
- chatsio.com
- dr-jordan.site
- sador.xyz
- nagaways.online
- 552357.pro
- domainupdate.site
- 3v5u21668.shop
- dh76044.vip
- cineflickapp.online
- ht31a.vip
- workingcat.online
- 9h6db.shop
- evallc.net
- sun20win.digital
- 683ym.lat
- retrosystem.fun
- bgkamil.xyz
- androidmobiledk.today
- gsptx.online
- onlineit.sbs
- violetnuit.shop
- kyusgwh2.top
- vdqgj.asia
- helpmepeas.net
- 4399game.asia
- tent-homes-10133.bond
- moki.dev
- raildriver.net
- lkjuy.xyz
- presentdadsmatter.shop
- amp-kopi77i2.xyz
- cyber-security-onli.bond
- rtpcmbet27.xyz
- 80lrlaenant8.life
- urostatingr.shop
- xn--fiq73f39fx0y2hq.work
- zc041.xyz
- 34-health.shop
- yunhaicm.asia
- domain-2.buzz
- money1lifecoachingservice.net
- 5301ulovp.website
- siasstudios.com
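The extracted domain list is only useful once it is normalized into a watchlist and run over DNS telemetry. The script below is an added example, not part of the sandbox report or of any Formbook tooling: it takes the 65 domains from the config above, normalizes query names (case, trailing root dot, Unicode labels converted to punycode so they match A-label entries such as xn--fiq73f39fx0y2hq.work), matches a query when it equals or sits under a listed domain, and counts how many distinct entries each client resolved. Because Formbook configs mix decoy domains with the real C2, a single hit is a candidate to corroborate; a host touching several entries from the same list is the one to prioritize. The log format and log lines are constructed for the example.

```python
"""Formbook config domain list -> DNS watchlist -> matches over DNS query logs.

Added example, not part of the sandbox report. Formbook configurations embed
decoy domains alongside the real C2, so every hit is a candidate indicator
to corroborate rather than a confirmed C2 contact.
"""
from __future__ import annotations

from collections import defaultdict

# The 65 domains listed in the extracted formbook 4.1 / ca63 configuration.
FORMBOOK_CA63_DOMAINS = """
themaxrichth.online lhzshb.com isacarrceramics.online duhochanquoc.website
apexmedia.pro 33311.pro x2mjbu8gg.shop dashcreative.online nifle.shop hora.lol
rclrwa.asia aviation-training-sqj.top a9659a62.vip uspgh.work hhol5.top
jinkaida-cn.cn watchwedding.com 728ym.lat gillieron.swiss bingsne.online
professionaljournalism.com senior-living-15150.bond chatsio.com dr-jordan.site
sador.xyz nagaways.online 552357.pro domainupdate.site 3v5u21668.shop
dh76044.vip cineflickapp.online ht31a.vip workingcat.online 9h6db.shop
evallc.net sun20win.digital 683ym.lat retrosystem.fun bgkamil.xyz
androidmobiledk.today gsptx.online onlineit.sbs violetnuit.shop kyusgwh2.top
vdqgj.asia helpmepeas.net 4399game.asia tent-homes-10133.bond moki.dev
raildriver.net lkjuy.xyz presentdadsmatter.shop amp-kopi77i2.xyz
cyber-security-onli.bond rtpcmbet27.xyz 80lrlaenant8.life urostatingr.shop
xn--fiq73f39fx0y2hq.work zc041.xyz 34-health.shop yunhaicm.asia domain-2.buzz
money1lifecoachingservice.net 5301ulovp.website siasstudios.com
""".split()


def normalize_domain(name: str) -> str:
    """Lower-case, drop the trailing root dot, and convert Unicode labels to
    punycode (A-label) form so U-label queries match A-label watchlist entries."""
    name = name.strip().rstrip(".").lower()
    try:
        return name.encode("idna").decode("ascii")
    except UnicodeError:
        return name  # malformed label: keep the raw name rather than drop the event


def build_watchlist(domains) -> frozenset[str]:
    return frozenset(normalize_domain(d) for d in domains)


def match_watchlist(qname: str, watchlist) -> str | None:
    """Return the watchlist entry that qname equals or is a subdomain of, else None.
    Walks the name label by label from the left, so 'www.hora.lol.' hits
    'hora.lol' while 'hora.lol.cdn.example' does not."""
    labels = normalize_domain(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in watchlist:
            return candidate
    return None


def scan_dns_log(lines, watchlist):
    """Parse constructed log lines '<timestamp> <client-ip> <qname> <qtype>' and
    return one (timestamp, client, qname, matched_entry) tuple per matching query."""
    hits = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) < 4:
            continue  # malformed line: skip it, do not abort the sweep
        ts, client, qname, _qtype = parts[:4]
        entry = match_watchlist(qname, watchlist)
        if entry is not None:
            hits.append((ts, client, qname, entry))
    return hits


def distinct_hits_per_client(hits):
    """Distinct watchlist entries resolved per client. One decoy hit may be
    coincidental; one host touching several entries from the same config list
    deserves priority."""
    seen = defaultdict(set)
    for _ts, client, _qname, entry in hits:
        seen[client].add(entry)
    return {client: len(entries) for client, entries in seen.items()}


# Constructed DNS log lines (not from the report) in the format scan_dns_log parses.
SAMPLE_DNS_LOG = """
# timestamp            client     qname                         qtype
2024-06-25T17:20:01Z 10.0.0.17  WWW.Hora.LOL.                 A
2024-06-25T17:20:02Z 10.0.0.17  themaxrichth.online           A
2024-06-25T17:20:03Z 10.0.0.17  xn--fiq73f39fx0y2hq.work.     A
2024-06-25T17:20:05Z 10.0.0.42  hora.lol.cdn.example.         A
2024-06-25T17:20:06Z 10.0.0.42  www.microsoft.com             A
2024-06-25T17:20:07Z 10.0.0.99  api.gillieron.swiss           AAAA
garbage line
""".strip("\n").splitlines()


if __name__ == "__main__":
    watchlist = build_watchlist(FORMBOOK_CA63_DOMAINS)
    hits = scan_dns_log(SAMPLE_DNS_LOG, watchlist)
    for hit in hits:
        print("hit:", *hit)
    print("distinct entries per client:", distinct_hits_per_client(hits))
```

Subdomain matching is deliberately suffix-on-label-boundary rather than substring, so a query for hora.lol.cdn.example does not hit the hora.lol entry; against real resolver logs, replace SAMPLE_DNS_LOG with your own parsed lines in the same four-field shape.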
Targets
Target: wise_deposit_note__1114218690__3287491072__en.cmd
Size: 2.4MB (unusually large for a .cmd script)
MD5: 42323f7609e2e5c56add77d01e27432f
SHA1: e5262c46781a8c58aaee00a529ed7597dbb2b698
SHA256: 4cb31951ae2b4f8b86b532c25762252f28525f55061d8d09a356a9c8f12029b2
SHA512: 0814feee3013a4409c3171f30dc9d9d4ffe5626e6ba28a257163fa8f26380751fbd5ba7077e47e9bcd59d8b852b50822fb3383c9a6366b8619db7627d9ded44d
SSDEEP: 24576:IPHN8ur54cKt8AdV30Z3ZRYwVxrhWHmmV/MBm54hRCKxBJxsv:IPHSur5M8Ar30JnrQLMEBv
Signatures:
- Formbook payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application (registry Run-key persistence)
- Suspicious use of SetThreadContext (API typically used for process hollowing or thread hijacking when injecting a payload)